CHANGES revision 506a2177bfafa4321cf1ba27ff4a1d09bac69e14
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2961. [bug] Be still more selective about the non-authoritative
7d32c065c7bb56f281651ae3dd2888f32ce4f1d9Bob Halley answers we apply change 2748 to. [RT #22074]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2960. [func] Check that named accepts non-authoritative answers.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2959. [func] Check that named starts with a missing masterfile.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2958. [bug] named failed to start with a missing master file.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2957. [bug] entropy_get() and entropy_getpseudo() failed to match
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews the API for RAND_bytes() and RAND_pseudo_bytes()
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews respectively. [RT #21962]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff2955. [func] Provide more detail in the recursing log. [RT #22043]
de153390f5a1f6d4fa86af91d4cae772d9846ca0Mark Andrews2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff build_sqldbinstance failure. [RT #21623]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2953. [bug] Silence spurious "expected covering NSEC3, got an
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence exact match" message when returning a wildcard
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence no data response. [RT #21744]
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff2952. [port] win32: named-checkzone and named-checkconf failed
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence to initialise winsock. [RT #21932]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2951. [bug] named failed to generate a correct signed response
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence in a optout, delegation only zone with no secure
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence delegations. [RT #22007]
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews2950. [bug] named failed to perform a SOA up to date check when
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence falling back to TCP on UDP timeouts when
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews ixfr-from-differences was set. [RT #21595]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2949. [bug] dns_view_setnewzones() contained a memory leak if
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson it was called multiple times. [RT #21942]
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson2948. [port] MacOS: provide a mechanism to configure the test
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews interfaces at reboot. See bin/tests/system/README
eb6bd543c7d072efdca509eb17f8f301c1467b53Mark Andrews for details.
600cfa2ba4c50017581b6c14e3a688a82ecebbe0David Lawrence2947. [placeholder]
eb6bd543c7d072efdca509eb17f8f301c1467b53Mark Andrews2946. [doc] Document the default values for the minimum and maximum
deaaf94332abbfdb3aff53675546acfed16e5eb6Mark Andrews zone refresh and retry values in the ARM. [RT #21886]
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2945. [doc] Update empty-zones list in ARM. [RT #21772]
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2944. [maint] Remove ORCHID prefix from built in empty zones.
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2943. [func] Add support to load new keys into managed zones
0b056755b2f423ba5f6adac8f7851d78f7d11437David Lawrence without signing immediately with "rndc loadkeys".
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence Add support to link keys with "dnssec-keygen -S"
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence and "dnssec-settime -S". [RT #21351]
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2942. [contrib] zone2sqlite failed to setup the entropy sources.
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2941. [bug] sdb and sdlz (dlz's zone database) failed to support
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence DNAME at the zone apex. [RT #21610]
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2940. [port] Remove connection aborted error message on
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence Windows. [RT #21549]
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2939. [func] Check that named successfully skips NSEC3 records
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence that fail to match the NSEC3PARAM record currently
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence in use. [RT# 21868]
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2938. [bug] When generating signed responses, from a signed zone
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence that uses NSEC3, named would use a uninitialised
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence pointer if it needed to skip a NSEC3 record because
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence it didn't match the selected NSEC3PARAM record for
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson zone. [RT# 21868]
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2937. [bug] Worked around an apparent race condition in over
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson memory conditions. Without this fix a DNS cache DB or
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson ADB could incorrectly stay in an over memory state,
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson effectively refusing further caching, which
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson subsequently made a BIND 9 caching server unworkable.
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson This fix prevents this problem from happening by
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson polling the state of the memory context, rather than
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence making a copy of the state, which appeared to cause
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson a race. This is a "workaround" in that it doesn't
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson solve the possible race per se, but several experiments
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence proved this change solves the symptom. Also, the
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence polling overhead hasn't been reported to be an issue.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence This bug should only affect a caching server that
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence specifies a finite max-cache-size. It's also quite
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence likely that the bug happens only when enabling threads,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence but it's not confirmed yet. [RT #21818]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2936. [func] Improved configuration syntax and multiple-view
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence support for addzone/delzone feature (see change
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence #2930). Removed "new-zone-file" option, replaced
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence with "allow-new-zones (yes|no)". The new-zone-file
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence for each view is now created automatically, with
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence a filename generated from a hash of the view name.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence It is no longer necessary to "include" the
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence new-zone-file in named.conf; this happens
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence automatically. Zones that were not added via
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence "rndc addzone" can no longer be removed with
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence "rndc delzone". [RT #19447]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2935. [bug] nsupdate: improve 'file not found' error message.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2933. [bug] 'dig +nsid' used stack memory after it went out of
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence scope. This could potentially result in a unknown,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence potentially malformed, EDNS option being sent instead
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence of the desired NSID option. [RT #21781]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2932. [cleanup] Corrected a numbering error in the "dnssec" test.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2931. [bug] Temporarily and partially disable change 2864
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence because it would cause inifinite attempts of RRSIG
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence queries. This is an urgent care fix; we'll
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence revisit the issue and complete the fix later.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2930. [experimental] New "rndc addzone" and "rndc delzone" commads
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence allow dynamic addition and deletion of zones.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence To enable this feature, specify a "new-zone-file"
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence option at the view or options level in named.conf.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence Zone configuration information for the new zones
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence will be written into that file. To make the new
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence zones persist after a restart, "include" the file
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence into named.conf in the appropriate view. (Note:
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence This feature is not yet documented, and its syntax
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence is expected to change.) [RT #19447]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2929. [bug] Improved handling of GSS security contexts:
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence - added LRU expiration for generated TSIGs
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence - added the ability to use a non-default realm
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence - added new "realm" keyword in nsupdate
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence - limited lifetime of generated keys to 1 hour
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence or the lifetime of the context (whichever is
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2928. [bug] Be more selective about the non-authoritative
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence answer we apply change 2748 to. [RT #21594]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2927. [placeholder]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2926. [placeholder]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2925. [bug] Named failed to accept uncachable negative responses
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence from insecure zones. [RT# 21555]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2924. [func] 'rndc secroots' dump a combined summary of the
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence current managed keys combined with trusted keys.
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2923. [bug] 'dig +trace' could drop core after "connection
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence timeout". [RT #21514]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2922. [contrib] Update zkt to version 1.0.
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson2921. [bug] The resolver could attempt to destroy a fetch context
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews too soon. [RT #19878]
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews to IPv4 clients. New acl 'filter-aaaa' (default any).
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews2917. [func] Virtual time test framework. [RT #20801]
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews2916. [func] Add framework to use IPv6 in tests.
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews2915. [cleanup] Be smarter about which objects we attempt to compile
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews based on configure options. [RT #21444]
f6407f9a0b890bebbfd5f738d9c4aef3d3315fe9Michael Graff2914. [bug] Make the "autosign" system test more portable.
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews2913. [func] Add pkcs#11 system tests. [RT #20784]
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews2912. [func] Windows clients don't like UPDATE responses that clear
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews the zone section. [RT #20986]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2911. [bug] dnssec-signzone didn't handle out of zone records well.
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews2910. [func] Sanity check Kerberos credentials. [RT #20986]
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews2909. [bug] named-checkconf -p could die if "update-policy local;"
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews was specified in named.conf. [RT #21416]
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews2908. [bug] It was possible for re-signing to stop after removing
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews a DNSKEY. [RT #21384]
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews2907. [bug] The export version of libdns had undefined references.
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2905. [port] aix: set use_atomic=yes with native compiler.
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews2904. [bug] When using DLV, sub-zones of the zones in the DLV,
613991eef6bb79b9703382aff26cddd0281da915Bob Halley could be incorrectly marked as insecure instead of
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews secure leading to negative proofs failing. This was
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews a unintended outcome from change 2890. [RT# 21392]
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2903. [bug] managed-keys-directory missing from namedconf.c.
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2902. [func] Add regression test for change 2897. [RT #21040]
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2900. [bug] The placeholder negative caching element was not
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington properly constructed triggering a INSIST in
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews dns_ncache_towire(). [RT #21346]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2899. [port] win32: Support linking against OpenSSL 1.0.0.
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2898. [bug] nslookup leaked memory when -domain=value was
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews specified. [RT #21301]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2897. [bug] NSEC3 chains could be left behind when transitioning
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson to insecure. [RT #21040]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2896. [bug] "rndc sign" failed to properly update the zone
bcd7fdf06ca76eb2f6eb157f56b612c503e062a7Mark Andrews when adding a DNSKEY for publication only. [RT #21045]
bcd7fdf06ca76eb2f6eb157f56b612c503e062a7Mark Andrews2895. [func] genrandom: add support for the generation of multiple
bcd7fdf06ca76eb2f6eb157f56b612c503e062a7Mark Andrews files. [RT #20917]
bcd7fdf06ca76eb2f6eb157f56b612c503e062a7Mark Andrews2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2893. [bug] Improve managed keys support. New named.conf option
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews managed-keys-directory. [RT #20924]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2892. [bug] Handle REVOKED keys better. [RT #20961]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2891. [maint] Update empty-zones list to match
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2890. [bug] Handle the introduction of new trusted-keys and
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson DS, DLV RRsets better. [RT #21097]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2889. [bug] Elements of the grammar where not properly reported.
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews2888. [bug] Only the first EDNS option was displayed. [RT #21273]
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2887. [bug] Report the keytag times in UTC in the .key file,
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff local time is presented as a comment within the
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff comment. [RT #21223]
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2886. [bug] ctime() is not thread safe. [RT #21223]
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff2885. [bug] Improve -fno-strict-aliasing support probing in
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff configure. [RT #21080]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2884. [bug] Insufficient valadation in dns_name_getlabelsequence().
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2883. [bug] 'dig +short' failed to handle really large datasets.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2882. [bug] Remove memory context from list of active contexts
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson before clearing 'magic'. [RT #21274]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2881. [bug] Reduce the amount of time the rbtdb write lock
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson is held when closing a version. [RT #21198]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson consistent. [RT #21078]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2878. [func] Incrementally write the master file after performing
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson a AXFR. [RT #21010]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2877. [bug] The validator failed to skip obviously mismatching
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson RRSIGs. [RT #21138]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2876. [bug] Named could return SERVFAIL for negative responses
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson from unsigned zones. [RT #21131]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2875. [bug] dns_time64_fromtext() could accept non digits.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2874. [bug] Cache lack of EDNS support only after the server
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson successfully responds to the query using plain DNS.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2873. [bug] Canceling a dynamic update via the dns/client module
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson could trigger an assertion failure. [RT #21133]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2872. [bug] Modify dns/client.c:dns_client_createx() to only
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews require one of IPv4 or IPv6 rather than both.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2871. [bug] Type mismatch in mem_api.c between the definition and
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews the header file, causing build failure with
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews --enable-exportlib. [RT #21138]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2868. [cleanup] Run "make clean" at the end of configure to ensure
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews any changes made by configure are integrated.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews Use --with-make-clean=no to disable. [RT #20994]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews don't like it. [RT #20986]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2866. [bug] Windows does not like the TSIG name being compressed.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2865. [bug] memset to zero event.data. [RT #20986]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2862. [bug] nsupdate didn't default to the parent zone when
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews updating DS records. [RT #20896]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2861. [doc] dnssec-settime man pages didn't correctly document the
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews inactivation time. [RT #21039]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2860. [bug] named-checkconf's usage was out of date. [RT #21039]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2859. [bug] When cancelling validation it was possible to leak
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews memory. [RT #20800]
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews2858. [bug] RTT estimates were not being adjusted on ICMP errors.
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews2857. [bug] named-checkconf did not fail on a bad trusted key.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2856. [bug] The size of a memory allocation was not always properly
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews recorded. [RT #20927]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2855. [func] nsupdate will now preserve the entered case of domain
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews names in update requests it sends. [RT #20928]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2854. [func] dig: allow the final soa record in a axfr response to
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews be suppressed, dig +onesoa. [RT #20929]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
19d365e4448f1782611280b020987988b7ac3210Mark Andrews2851. [doc] nslookup.1, removed <informalexample> from the docbook
19d365e4448f1782611280b020987988b7ac3210Mark Andrews source as it produced bad nroff. [RT #21007]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2850. [bug] If isc_heap_insert() failed due to memory shortage
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews the heap would have corrupted entries. [RT #20951]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2849. [bug] Don't treat errors from the xml2 library as fatal.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence README.rfc5011 into the ARM. [RT #20899]
19d365e4448f1782611280b020987988b7ac3210Mark Andrews2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
19d365e4448f1782611280b020987988b7ac3210Mark Andrews2846. [bug] EOF on unix domain sockets was not being handled
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews correctly. [RT #20731]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2844. [doc] notify-delay default in ARM was wrong. It should have
d981ca645597116d227a48bf37cc5edc061c854dBob Halley been five (5) seconds.
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews creating key files if there is a chance that the new
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews key ID will collide with an existing one after
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff either of the keys has been revoked. (To override
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews this in the case of dnssec-keyfromlabel, use the -y
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews option. dnssec-keygen will simply create a
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews different, non-colliding key, so an override is
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews not necessary.) [RT #20838]
19d365e4448f1782611280b020987988b7ac3210Mark Andrews2842. [func] Added "smartsign" and improved "autosign" and
19d365e4448f1782611280b020987988b7ac3210Mark Andrews "dnssec" regression tests. [RT #20865]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2841. [bug] Change 2836 was not complete. [RT #20883]
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff2840. [bug] Temporary fixed pkcs11-destroy usage check.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2839. [bug] A KSK revoked by named could not be deleted.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2838. [placeholder]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2837. [port] Prevent Linux spurious warnings about fwrite().
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2836. [bug] Keys that were scheduled to become active could
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews be delayed. [RT #20874]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2835. [bug] Key inactivity dates were inadvertently stored in
d981ca645597116d227a48bf37cc5edc061c854dBob Halley the private key file with the outdated tag
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews "Unpublish" rather than "Inactive". This has been
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews fixed; however, any existing keys that had Inactive
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff dates set will now need to have them reset, using
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews 'dnssec-settime -I'. [RT #20868]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2834. [bug] HMAC-SHA* keys that were longer than the algorithm
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews digest length were used incorrectly, leading to
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews interoperability problems with other DNS
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews implementations. This has been corrected.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff (Note: If an oversize key is in use, and
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews compatibility is needed with an older release of
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews BIND, the new tool "isc-hmac-fixup" can convert
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews the key secret to a form that will work with all
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff versions.) [RT #20751]
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halley2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
19d365e4448f1782611280b020987988b7ac3210Mark Andrews2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence to avoid redefinition in some OSes [RT 20831]
19d365e4448f1782611280b020987988b7ac3210Mark Andrews2831. [security] Do not attempt to validate or cache
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews out-of-bailiwick data returned with a secure
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews answer; it must be re-fetched from its original
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews source and validated in that context. [RT #20819]
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halley2830. [bug] Changing the OPTOUT setting could take multiple
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff passes. [RT #20813]
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halley2829. [bug] Fixed potential node inconsistency in rbtdb.c.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2828. [security] Cached CNAME or DNAME RR could be returned to clients
52637f592f705ca93fadc218e403fd55e8ce4aeaMark Andrews without DNSSEC validation. [RT #20737]
7c0378745269fe49a05904935afc42b85528f53aDavid Lawrence2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews being released. [RT #20740]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
d981ca645597116d227a48bf37cc5edc061c854dBob Halley was in the process of being created was not properly
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews recorded in the zone. [RT #20786]
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews2824. [bug] "rndc sign" was not being run by the correct task.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2822. [bug] rbtdb.c:loadnode() could return the wrong result.
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2821. [doc] Add note that named-checkconf doesn't automatically
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2820. [func] Handle read access failure of OpenSSL configuration
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews file more user friendly (PKCS#11 engine patch).
19d365e4448f1782611280b020987988b7ac3210Mark Andrews2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2818. [cleanup] rndc could return an incorrect error code
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews when a zone was not found. [RT #20767]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2816. [bug] previous_closest_nsec() could fail to return
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews data for NSEC3 nodes [RT #29730]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2815. [bug] Exclusively lock the task when freezing a zone.
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2814. [func] Provide a definitive error message when a master
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews zone is not loaded. [RT #20757]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2813. [bug] Better handling of unreadable DNSSEC key files.
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2812. [bug] Make sure updates can't result in a zone with
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews NSEC-only keys and NSEC3 records. [RT 20748]
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews output. [RT #20733]
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews2810. [doc] Clarified the process of transitioning an NSEC3 zone
035504dbd8ca5949e8380b860873b3385a4e61e5Mark Andrews to insecure. [RT #20746]
035504dbd8ca5949e8380b860873b3385a4e61e5Mark Andrews2809. [cleanup] Restored accidentally-deleted text in usage output
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews in dnssec-settime and dnssec-revoke [RT #20739]
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews2808. [bug] Remove the attempt to install atomic.h from lib/isc.
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews atomic.h is correctly installed by the architecture
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews specific subdirectories. [RT #20722]
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews2807. [bug] Fixed a possible ASSERT when reconfiguring zone
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff keys. [RT #20720]
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews --- 9.7.0rc1 released ---
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews when it had changed. [RT #20703]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2805. [bug] Fixed namespace problems encountered when building
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews external programs using non-exported BIND9 libraries
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews (i.e., built without --enable-exportlib). [RT #20679]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2804. [bug] Send notifies when a zone is signed with "rndc sign"
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews or as a result of a scheduled key change. [RT #20700]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews and genrandom under windows. [RT #20670]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2801. [func] Detect and report records that are different according
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews to DNSSEC but are sematically equal according to plain
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews DNS. Apply plain DNS comparisons rather than DNSSEC
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews comparisons when processing UPDATE requests.
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews dnssec-signzone now removes such semantically duplicate
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews records prior to signing the RRset.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews named-checkzone -r {ignore|warn|fail} (default warn)
d981ca645597116d227a48bf37cc5edc061c854dBob Halley named-compilezone -r {ignore|warn|fail} (default warn)
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff named.conf: check-dup-records {ignore|warn|fail};
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2800. [func] Reject zones which have NS records which refer to
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CNAMEs, DNAMEs or don't have address record (class IN
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews only). Reject UPDATEs which would cause the zone
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews to fail the above checks if committed. [RT #20678]
ae70d32b67cf30e06553c01479e71c87b21d984cBob Halley2799. [cleanup] Changed the "secure-to-insecure" option to
ae70d32b67cf30e06553c01479e71c87b21d984cBob Halley "dnssec-secure-to-insecure", and "dnskey-ksk-only"
19d365e4448f1782611280b020987988b7ac3210Mark Andrews to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2798. [bug] Addressed bugs in managed-keys initialization
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews and rollover. [RT #20683]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2797. [bug] Don't decrement the dispatch manager's maxbuffers.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2796. [bug] Missing dns_rdataset_disassociate() call in
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_nsec3_delnsec3sx(). [RT #20681]
f8aae502686e2448c48f56697c212a50e2a1cbaeAndreas Gustafsson2795. [cleanup] Add text to differentiate "update with no effect"
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff log messages. [RT #18889]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2794. [bug] Install <isc/namespace.h>. [RT #20677]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2793. [func] Add "autosign" and "metadata" tests to the
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews automatic tests. [RT #19946]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2792. [func] "filter-aaaa-on-v4" can now be set in view
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews options (if compiled in). [RT #20635]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2791. [bug] The installation of isc-config.sh was broken.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2790. [bug] Handle DS queries to stub zones. [RT #20440]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson2788. [bug] dnssec-signzone could sign with keys that were
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson not requested [RT #20625]
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson2787. [bug] Spurious log message when zone keys were
ae70d32b67cf30e06553c01479e71c87b21d984cBob Halley dynamically reconfigured. [RT #20659]
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson2786. [bug] Additional could be promoted to answer. [RT #20663]
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson --- 9.7.0b3 released ---
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2785. [bug] Revoked keys could fail to self-sign [RT #20652]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2784. [bug] TC was not always being set when required glue was
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dropped. [RT #20655]
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson buffer size of 512 or less. [RT #20654]
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2782. [port] win32: use getaddrinfo() for hostname lookups.
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2781. [bug] Inactive keys could be used for signing. [RT #20649]
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2780. [bug] dnssec-keygen -A none didn't properly unset the
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson activation date in all cases. [RT #20648]
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2779. [bug] Dynamic key revokation could fail. [RT #20644]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2778. [bug] dnssec-signzone could fail when a key was revoked
d981ca645597116d227a48bf37cc5edc061c854dBob Halley without deleting the unrevoked version. [RT #20638]
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2776. [bug] Change #2762 was not correct. [RT #20647]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews in dnssec-keyfromlabel. [RT #20643]
19d365e4448f1782611280b020987988b7ac3210Mark Andrews2774. [bug] Existing cache DB wasn't being reused after
19d365e4448f1782611280b020987988b7ac3210Mark Andrews reconfiguration. [RT #20629]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2773. [bug] In autosigned zones, the SOA could be signed
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews with the KSK. [RT #20628]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2772. [security] When validating, track whether pending data was from
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews the additional section or not and only return it if
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews validates as secure. [RT #20438]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2771. [bug] dnssec-signzone: DNSKEY records could be
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews corrupted when importing from key files [RT #20624]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2770. [cleanup] Add log messages to resolver.c to indicate events
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff causing FORMERR responses. [RT #20526]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2769. [cleanup] Change #2742 was incomplete. [RT #19589]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews2767. [bug] named could crash on startup if a zone was
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff configured with auto-dnssec and there was no
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews key-directory. [RT #20615]
19d365e4448f1782611280b020987988b7ac3210Mark Andrews2766. [bug] isc_socket_fdwatchpoke() should only update the
19d365e4448f1782611280b020987988b7ac3210Mark Andrews socketmgr state if the socket is not pending on a
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews read or write. [RT #20603]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2765. [bug] Skip masters for which the TSIG key cannot be found.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews2762. [bug] DLV validation failed with a local slave DLV zone.
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews2761. [cleanup] Enable internal symbol table for backtrace only for
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews systems that are known to work. Currently, BSD
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews variants, Linux and Solaris are supported. [RT# 20202]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2759. [doc] Add information about .jbk/.jnw files to
d981ca645597116d227a48bf37cc5edc061c854dBob Halley the ARM. [RT #20303]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2758. [bug] win32: Added a workaround for a windows 2008 bug
d981ca645597116d227a48bf37cc5edc061c854dBob Halley that could cause the UDP client handler to shut
d981ca645597116d227a48bf37cc5edc061c854dBob Halley down. [RT #19176]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2757. [bug] dig: assertion failure could occur in connect
d981ca645597116d227a48bf37cc5edc061c854dBob Halley timeout. [RT #20599]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2755. [placeholder]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2754. [bug] Secure-to-insecure transitions failed when zone
d981ca645597116d227a48bf37cc5edc061c854dBob Halley was signed with NSEC3. [RT #20587]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2753. [bug] Removed an unnecessary warning that could appear when
d981ca645597116d227a48bf37cc5edc061c854dBob Halley building an NSEC chain. [RT #20589]
d981ca645597116d227a48bf37cc5edc061c854dBob Halley2752. [bug] Locking violation. [RT #20587]
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley2750. [bug] dig: assertion failure could occur when a server
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley didn't have an address. [RT #20579]
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley2749. [bug] ixfr-from-differences generated a non-minimal ixfr
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley for NSEC3 signed zones. [RT #20452]
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley2748. [func] Identify bad answers from GTLD servers and treat them
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley as referrals. [RT #18884]
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley2747. [bug] Journal roll forwards failed to set the re-signing
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley time of RRSIGs correctly. [RT #20541]
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley2746. [port] hpux: address signed/unsigned expansion mismatch of
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley2745. [bug] configure script didn't probe the return type of
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley gai_strerror(3) correctly. [RT #20573]
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2744. [func] Log if a query was over TCP. [RT #19961]
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff for a insecure delegation.
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff --- 9.7.0b2 released ---
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2742. [cleanup] Clarify some DNSSEC-related log messages in
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2741. [func] Allow the dnssec-keygen progress messages to be
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson suppressed (dnssec-keygen -q). Automatically
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson suppress the progress messages when stdin is not
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson a tty. [RT #20474]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2740. [placeholder]
88ba491496daf4463a2c898be8a6c47775a6d048Mark Andrews2739. [cleanup] Clean up API for initializing and clearing trust
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson anchors for a view. [RT #20211]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson test. [RT #20453]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2737. [func] UPDATE requests can leak existance information.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2736. [func] Improve the performance of NSEC signed zones with
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson more than a normal amount of glue below a delegation.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2735. [bug] dnssec-signzone could fail to read keys
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson that were specified on the command line with
34b394b43e2207e8f8f3703f0402422121455638David Lawrence full paths, but weren't in the current
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson directory. [RT #20421]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2734. [port] cygwin: arpaname did not compile. [RT #20473]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2732. [func] Add optional filter-aaaa-on-v4 option, available
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson if built with './configure --enable-filter-aaaa'.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson Filters out AAAA answers to clients connecting
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson via IPv4. (This is NOT recommended for general
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson use.) [RT #20339]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2731. [func] Additional work on change 2709. The key parser
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson will now ignore unrecognized fields when the
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff minor version number of the private key format
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson has been increased. It will reject any key with
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson the major version number increased. [RT #20310]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2730. [func] Have dnssec-keygen display a progress indication
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson a la 'openssl genrsa' on standard error. Note
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff when the first '.' is followed by a long stop
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson one has the choice between slow generation vs.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson poor random quality, i.e., '-r /dev/urandom'.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2729. [func] When constructing a CNAME from a DNAME use the DNAME
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson TTL. [RT #20451]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson dnssec-signzone now warn immediately if asked to
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson write into a nonexistent directory. [RT #20278]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2727. [func] The 'key-directory' option can now specify a relative
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson path. [RT #20154]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2726. [func] Added support for SHA-2 DNSSEC algorithms,
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff RSASHA256 and RSASHA512. [RT #20023]
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2725. [doc] Added information about the file "managed-keys.bind"
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff to the ARM. [RT #20235]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2724. [bug] Updates to a existing node in secure zone using NSEC
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence were failing. [RT #20448]
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
16996a04884731d647f43a5eb54f678581f09f68David Lawrence isc_base64_totext(), didn't always mark regions of
16996a04884731d647f43a5eb54f678581f09f68David Lawrence memory as fully consumed after conversion. [RT #20445]
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence2722. [bug] Ensure that the memory associated with the name of
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence a node in a rbt tree is not altered during the life
16996a04884731d647f43a5eb54f678581f09f68David Lawrence of the node. [RT #20431]
600cfa2ba4c50017581b6c14e3a688a82ecebbe0David Lawrence2721. [port] Have dst__entropy_status() prime the random number
600cfa2ba4c50017581b6c14e3a688a82ecebbe0David Lawrence generator. [RT #20369]
16996a04884731d647f43a5eb54f678581f09f68David Lawrence2720. [bug] RFC 5011 trust anchor updates could trigger an
16996a04884731d647f43a5eb54f678581f09f68David Lawrence assert if the DNSKEY record was unsigned. [RT #20406]
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2719. [func] Skip trusted/managed keys for unsupported algorithms.
fc024be774c7cdee938da018aa3994be746e36deDavid Lawrence2718. [bug] The space calculations in opensslrsa_todns() were
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff incorrect. [RT #20394]
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2717. [bug] named failed to update the NSEC/NSEC3 record when
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff the last private type record was removed as a result
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff of completing the signing the zone with a key.
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff --- 9.7.0b1 released ---
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2715. [bug] Require OpenSSL support to be explicitly disabled.
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2713. [bug] powerpc: atomic operations missing asm("ics") /
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews __isync() calls.
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2712. [func] New 'auto-dnssec' zone option allows zone signing
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff to be fully automated in zones configured for
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews dynamic DNS. 'auto-dnssec allow;' permits a zone
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews to be signed by creating keys for it in the
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews key-directory and using 'rndc sign <zone>'.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff 'auto-dnssec maintain;' allows that too, plus it
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence also keeps the zone's DNSSEC keys up to date
16996a04884731d647f43a5eb54f678581f09f68David Lawrence according to their timing metadata. [RT #19943]
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2711. [port] win32: Add the bin/pkcs11 tools into the full
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff build. [RT #20372]
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff zone option cause a zone to be signed with only KSKs
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff signing the DNSKEY RRset, not ZSKs. This reduces
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff the size of a DNSKEY answer. [RT #20340]
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2709. [func] Added some data fields, currently unused, to the
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff private key file format, to allow implementation
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff of explicit key rollover in a future release
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff without impairing backward or forward compatibility.
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2708. [func] Insecure to secure and NSEC3 parameter changes via
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff update are now fully supported and no longer require
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff defines to enable. We now no longer overload the
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews NSEC3PARAM flag field, nor the NSEC OPT bit at the
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff apex. Secure to insecure changes are controlled by
79eec6934923f97a61edb8dbe2641ce56dc30085Bob Halley by the named.conf option 'secure-to-insecure'.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence Warning: If you had previously enabled support by
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff adding defines at compile time to BIND 9.6 you should
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews ensure that all changes that are in progress have
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff completed prior to upgrading to BIND 9.7. BIND 9.7
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff is not backwards compatible.
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff2707. [func] dnssec-keyfromlabel no longer require engine name
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff to be specified in the label if there is a default
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff engine or the -E option has been used. Also, it
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff now uses default algorithms as dnssec-keygen does
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff2706. [bug] Loading a zone with a very large NSEC3 salt could
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff trigger an assert. [RT #20368]
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff2705. [placeholder]
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff2704. [bug] Serial of dynamic and stub zones could be inconsistent
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff with their SOA serial. [RT #19387]
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews2703. [func] Introduce an OpenSSL "engine" argument with -E
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews for all binaries which can take benefit of
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews crypto hardware. [RT #20230]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2701. [doc] Correction to ARM: hmac-md5 is no longer the only
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff supported TSIG key algorithm. [RT #18046]
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2700. [doc] The match-mapped-addresses option is discouraged.
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2699. [bug] Missing lock in rbtdb.c. [RT #20037]
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews2698. [placeholder]
79eec6934923f97a61edb8dbe2641ce56dc30085Bob Halley2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
79eec6934923f97a61edb8dbe2641ce56dc30085Bob Halley S_IFREG are defined after including <isc/stat.h>.
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2696. [bug] named failed to successfully process some valid
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington acl constructs. [RT #20308]
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2695. [func] DHCP/DDNS - update fdwatch code for use by
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews DHCP. Modify the api to isc_sockfdwatch_t (the
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews callback funciton for isc_socket_fdwatchcreate)
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff to include information about the direction (read
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews or write) and add isc_socket_fdwatchpoke.
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2693. [port] Add some noreturn attributes. [RT #20257]
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2692. [port] win32: 32/64 bit cleanups. [RT #20335]
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington chain when re-signing a previously-signed zone.
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington Use -u to modify NSEC3 parameters or switch
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington between NSEC and NSEC3. [RT #20304]
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2689. [bug] Correctly handle snprintf result. [RT #20306]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson to decide to fetch the destination address. [RT #20305]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews Also, added warnings when revoking a ZSK, as this is
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff not defined by protocol (but is legal). [RT #19943]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2686. [bug] dnssec-signzone should clean the old NSEC chain when
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews signing with NSEC3 and vice versa. [RT #20301]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2684. [cleanup] dig: formalize +ad and +cd as synonyms for
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson +adflag and +cdflag. [RT #19305]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson the NSEC3 parameters used to sign the zone change.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2682. [bug] "configure --enable-symtable=all" failed to
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson build. [RT #20282]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff decoded. [RT #20269]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2679. [func] dig -k can now accept TSIG keys in named.conf
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff format. [RT #20031]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2678. [func] Treat DS queries as if "minimal-response yes;"
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff was set. [RT #20258]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2677. [func] Changes to key metadata behavior:
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews - Keys without "publish" or "active" dates set will
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews no longer be used for smart signing. However,
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff those dates will be set to "now" by default when
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson a key is created; to generate a key but not use
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson it yet, use dnssec-keygen -G.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson - New "inactive" date (dnssec-keygen/settime -I)
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson sets the time when a key is no longer used for
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson signing but is still published.
88ba491496daf4463a2c898be8a6c47775a6d048Mark Andrews - The "unpublished" date (-U) is deprecated in
88ba491496daf4463a2c898be8a6c47775a6d048Mark Andrews favor of "deleted" (-D).
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2676. [bug] --with-export-installdir should have been
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson --with-export-includedir. [RT #20252]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2675. [bug] dnssec-signzone could crash if the key directory
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson did not exist. [RT #20232]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson --- 9.7.0a3 released ---
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2674. [bug] "dnssec-lookaside auto;" crashed if named was built
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson without openssl. [RT #20231]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2673. [bug] The managed-keys.bind zone file could fail to
34b394b43e2207e8f8f3703f0402422121455638David Lawrence load due to a spurious result from sync_keyzone()
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2672. [bug] Don't enable searching in 'host' when doing reverse
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson lookups. [RT #20218]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2671. [bug] Add support for PKCS#11 providers not returning
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson the public exponent in RSA private keys
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson (OpenCryptoki for instance) in
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson dnssec-keyfromlabel. [RT #19294]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2670. [bug] Unexpected connect failures failed to log enough
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson information to be useful. [RT #20205]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2669. [func] Update PKCS#11 support to support Keyper HSM.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson Update PKCS#11 patch to be against openssl-0.9.8i.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2668. [func] Several improvements to dnssec-* tools, including:
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson - dnssec-keygen and dnssec-settime can now set key
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson metadata fields 0 (to unset a value, use "none")
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson - dnssec-revoke sets the revocation date in
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson addition to the revoke bit
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews - dnssec-settime can now print individual metadata
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson fields instead of always printing all of them,
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson and can print them in unix epoch time format for
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson use by scripts
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2667. [func] Add support for logging stack backtrace on assertion
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson failure (not available for all platforms). [RT #19780]
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson2666. [func] Added an 'options' argument to dns_name_fromstring()
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson (API change from 9.7.0a2). [RT #20196]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2665. [func] Clarify syntax for managed-keys {} statement, add
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson ARM documentation about RFC 5011 support. [RT #19874]
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews2664. [bug] create_keydata() and minimal_update() in zone.c
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews didn't properly check return values for some
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence functions. [RT #19956]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2663. [func] win32: allow named to run as a service using
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews "NT AUTHORITY\LocalService" as the account. [RT #19977]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews returned a misleading error code when lwresd was
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews down. [RT #20028]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews creating lwres context. [RT #20029]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2660. [func] Add a new set of DNS libraries for non-BIND9
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews applications. See README.libdns. [RT #19369]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2659. [doc] Clarify dnssec-keygen doc: key name must match zone
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews name for DNSSEC keys. [RT #19938]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2658. [bug] dnssec-settime and dnssec-revoke didn't process
fe47f41b13620bfafc4f8cf65d5df24f1e568764Bob Halley key file paths correctly. [RT #20078]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2657. [cleanup] Lower "journal file <path> does not exist, creating it"
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews log level to debug 1. [RT #20058]
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews2656. [func] win32: add a "tools only" check box to the installer
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews which causes it to only install dig, host, nslookup,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews nsupdate and relevant DLLs. [RT #19998]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2655. [doc] Document that key-directory does not affect
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews bind.keys, rndc.key or session.key. [RT #20155]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2654. [bug] Improve error reporting on duplicated names for
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews deny-answer-xxx. [RT #20164]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2653. [bug] Treat ENGINE_load_private_key() failures as key
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews not found rather than out of memory. [RT #18033]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2652. [func] Provide more detail about what record is being
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews deleted. [RT #20061]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2651. [bug] Dates could print incorrectly in K*.key files on
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff 64-bit systems. [RT #20076]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2650. [bug] Assertion failure in dnssec-signzone when trying
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews to read keyset-* files. [RT #20075]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2649. [bug] Set the domain for forward only zones. [RT #19944]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2647. [bug] Remove unnecessary SOA updates when a new KSK is
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff added. [RT #19913]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff which default to 64 bits. [RT #19927]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews --- 9.7.0a2 released ---
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2644. [bug] Change #2628 caused a regression on some systems;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews named was unable to write the PID file and would
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews fail on startup. [RT #20001]
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2643. [bug] Stub zones interacted badly with NSEC3 support.
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2642. [bug] nsupdate could dump core on solaris when reading
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews improperly formatted key files. [RT #20015]
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2641. [bug] Fixed an error in parsing update-policy syntax,
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews added a regression test to check it. [RT #20007]
f0ff273b530afa730025e1c5ad311950f7ff4328Mark Andrews2640. [security] A specially crafted update packet will cause named
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews to exit. [RT #20000]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2638. [bug] Install arpaname. [RT #19957]
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2636. [func] Simplify zone signing and key maintenance with the
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dnssec-* tools. Major changes:
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews - all dnssec-* tools now take a -K option to
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews specify a directory in which key files will be
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews - DNSSEC can now store metadata indicating when
7c0378745269fe49a05904935afc42b85528f53aDavid Lawrence they are scheduled to be published, activated,
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews revoked or removed; these values can be set by
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews dnssec-keygen or overwritten by the new
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews dnssec-settime command
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews - dnssec-signzone -S (for "smart") option reads key
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews metadata and uses it to determine automatically
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews which keys to publish to the zone, use for
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews signing, revoke, or remove from the zone
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2634. [port] win32: Add support for libxml2, enable
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews statschannel. [RT #19773]
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2633. [bug] Handle 15 bit rand() functions. [RT #19783]
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2632. [func] util/kit.sh: warn if documentation appears to be out of
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews date. [RT #19922]
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews [RT #19926 ]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2630. [func] Improved syntax for DDNS autoconfiguration: use
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews "update-policy local;" to switch on local DDNS in a
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews zone. (The "ddns-autoconf" option has been removed.)
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews2629. [port] Check for seteuid()/setegid(), use setresuid()/
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews setresgid() if not present. [RT #19932]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2628. [port] linux: Allow /var/run/named/named.pid to be opened
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews at startup with reduced capabilities in operation.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2627. [bug] Named aborted if the same key was included in
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews trusted-keys more than once. [RT #19918]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2626. [bug] Multiple trusted-keys could trigger an assertion
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews failure. [RT #19914]
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2624. [func] 'named-checkconf -p' will print out the parsed
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews configuration. [RT #18871]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
bfb2a81b65579882a80855c279cedc45aebd62e8Mark Andrews2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2621. [doc] Made copyright boilterplate consistent. [RT #19833]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2620. [bug] Delay thawing the zone until the reload of it has
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews completed successfully. [RT #19750]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2619. [func] Add support for RFC 5011, automatic trust anchor
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews maintenance. The new "managed-keys" statement can
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews be used in place of "trusted-keys" for zones which
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews support this protocol. (Note: this syntax is
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews expected to change prior to 9.7.0 final.) [RT #19248]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2618. [bug] The sdb and sdlz db_interator_seek() methods could
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews loop infinitely. [RT #19847]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2617. [bug] ifconfig.sh failed to emit an error message when
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews run from the wrong location. [RT #19375]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2616. [bug] 'host' used the nameservers from resolv.conf even
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews when a explicit nameserver was specified. [RT #19852]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2615. [bug] "__attribute__((unused))" was in the wrong place
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews for ia64 gcc builds. [RT #19854]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2614. [port] win32: 'named -v' should automatically be executed
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews in the foreground. [RT #19844]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2613. [placeholder]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews --- 9.7.0a1 released ---
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2612. [func] Add default values for the arguments to
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dnssec-keygen. Without arguments, it will now
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews generate a 1024-bit RSASHA1 zone-signing key,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews or with the -f KSK option, a 2048-bit RSASHA1
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff key-signing key. [RT #19300]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2611. [func] Add -l option to dnssec-dsfromkey to generate
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews DLV records instead of DS records. [RT #19300]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2610. [port] sunos: Change #2363 was not complete. [RT #19796]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2609. [func] Simplify the configuration of dynamic zones:
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews - add ddns-confgen command to generate
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff configuration text for named.conf
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews - add zone option "ddns-autoconf yes;", which
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews causes named to generate a TSIG session key
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews and allow updates to the zone using that key
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff - add '-l' (localhost) option to nsupdate, which
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews causes nsupdate to connect to a locally-running
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews named process using the session key generated
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2608. [func] Perform post signing verification checks in
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dnssec-signzone. These can be disabled with -P.
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence The post sign verification test ensures that for each
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence algorithm in use there is at least one non revoked
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews self signed KSK key. That all revoked KSK keys are
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews self signed. That all records in the zone are signed
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews by the algorithm. [RT #19653]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2607. [bug] named could incorrectly delete NSEC3 records for
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews empty nodes when processing a update request.
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2606. [bug] "delegation-only" was not being accepted in
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews delegation-only type zones. [RT #19717]
e4653123ecc6cdbfc0b9eda6e98e44af3b1f9a08Mark Andrews2605. [bug] Accept DS responses from delegation only zones.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2604. [func] Add support for DNS rebinding attack prevention through
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff new options, deny-answer-addresses and
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews deny-answer-aliases. Based on contributed code from
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews JD Nurmi, Google. [RT #18192]
1c3191528684f3dd93ebb122298c2f8ebfc6d397Mark Andrews2603. [port] win32: handle .exe extension of named-checkzone and
34b394b43e2207e8f8f3703f0402422121455638David Lawrence named-comilezone argv[0] names under windows.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2602. [port] win32: fix debugging command line build of libisccfg.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2601. [doc] Mention file creation mode mask in the
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews named manual page.
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson2600. [doc] ARM: miscellaneous reformatting for different
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson page widths. [RT #19574]
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson2599. [bug] Address rapid memory growth when validation fails.
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson2598. [func] Reserve the -F flag. [RT #19657]
7c0378745269fe49a05904935afc42b85528f53aDavid Lawrence2597. [bug] Handle a validation failure with a insecure delegation
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff from a NSEC3 signed master/slave zone. [RT #19464]
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson long, leading to inefficient memory usage or rejecting
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson newer cache entries in the worst case. [RT #19563]
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson2594. [func] Have rndc warn if using its default configuration
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson file when the key file also exists. [RT #19424]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2591. [bug] named could die when processing a update in
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews removed_orphaned_ds(). [RT #19507]
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2590. [func] Report zone/class of "update with no effect".
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews2588. [bug] SO_REUSEADDR could be set unconditionally after failure
035504dbd8ca5949e8380b860873b3385a4e61e5Mark Andrews of bind(2) call. This should be rare and mostly
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews harmless, but may cause interference with other
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews processes that happen to use the same port. [RT #19642]
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews2587. [func] Improve logging by reporting serial numbers for
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson when zone serial has gone backwards or unchanged.
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson or SDB. [RT #19577]
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson2585. [bug] Uninitialized socket name could be referenced via a
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson statistics channel, triggering an assertion failure in
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff XML rendering. [RT #19427]
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews2584. [bug] alpha: gcc optimization could break atomic operations.
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson2583. [port] netbsd: provide a control to not add the compile
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews date to the version string, -DNO_VERSION_DATE.
2192b4497348ccab94ca6f3f779cec399c72a8efMark Andrews2582. [bug] Don't emit warning log message when we attempt to
2192b4497348ccab94ca6f3f779cec399c72a8efMark Andrews remove non-existent journal. [RT #19516]
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
25870d4a37ab4bc8e675502b08335200167cc044Bob Halley Requires MySQL 5.0.19 or later. [RT #19084]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2580. [bug] UpdateRej statistics counter could be incremented twice
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews for one rejection. [RT #19476]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2579. [bug] DNSSEC lookaside validation failed to handle unknown
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews algorithms. [RT #19479]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2578. [bug] Changed default sig-signing-type to 65534, because
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews 65535 turns out to be reserved. [RT #19477]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2577. [doc] Clarified some statistics counters. [RT #19454]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2576. [bug] NSEC record were not being correctly signed when
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews a zone transitions from insecure to secure.
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews Handle such incorrectly signed zones. [RT #19114]
2192b4497348ccab94ca6f3f779cec399c72a8efMark Andrews2575. [func] New functions dns_name_fromstring() and
2192b4497348ccab94ca6f3f779cec399c72a8efMark Andrews dns_name_tostring(), to simplify conversion
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff of a string to a dns_name structure and vice
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews versa. [RT #19451]
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews2574. [doc] Document nsupdate -g and -o. [RT #19351]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2573. [bug] Replacing a non-CNAME record with a CNAME record in a
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff single transaction in a signed zone failed. [RT #19397]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2572. [func] Simplify DLV configuration, with a new option
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews "dnssec-lookaside auto;" This is the equivalent
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews of "dnssec-lookaside . trust-anchor dlv.isc.org;"
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff plus setting a trusted-key for dlv.isc.org.
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews Note: The trusted key is hard-coded into named,
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews but is also stored in (and can be overridden
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence by) $sysconfdir/bind.keys. As the ISC DLV key
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews rolls over it can be kept up to date by replacing
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff the bind.keys file with a key downloaded from
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2571. [func] Add a new tool "arpaname" which translates IP addresses
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews2570. [func] Log the destination address the query was sent to.
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews2569. [func] Move journalprint, nsec3hash, and genrandom
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews "make install" will put them in $sbindir. [RT #19301]
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews2568. [bug] Report when the write to indicate a otherwise
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews successful start fails. [RT #19360]
904294c0c952227f7778fd0ba2ccea08c097b872Mark Andrews2567. [bug] dst__privstruct_writefile() could miss write errors.
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews write_public_key() could miss write errors.
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews dnssec-dsfromkey could miss write errors.
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews2566. [cleanup] Clarify logged message when an insecure DNSSEC
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence response arrives from a zone thought to be secure:
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence "insecurity proof failed" instead of "not
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence insecure". [RT #19400]
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence2565. [func] Add support for HIP record. Includes new functions
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews dns_rdata_hip_first(), dns_rdata_hip_next()
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence and dns_rdata_hip_current(). [RT #19384]
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews2564. [bug] Only take EDNS fallback steps when processing timeouts.
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews2563. [bug] Dig could leak a socket causing it to wait forever
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews to exit. [RT #19359]
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews2562. [doc] ARM: miscellaneous improvements, reorganization,
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews and some new content.
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence2559. [bug] dnssec-dsfromkey could compute bad DS records when
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews reading from a K* files. [RT #19357]
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews2558. [func] Set the ownership of missing directories created
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews for pid-file if -u has been specified on the command
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews line. [RT #19328]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2557. [cleanup] PCI compliance:
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence * new libisc log module file
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence * isc_dir_chroot() now also changes the working
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews directory to "/".
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * additional INSISTs
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * additional logging when files can't be removed.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews error checks in the correct order resulting in the
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews wrong error code sometimes being returned. [RT #19249]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2555. [func] dig: when emitting a hex dump also display the
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews corresponding characters. [RT #19258]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2554. [bug] Validation of uppercase queries from NSEC3 zones could
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews fail. [RT #19297]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews2552. [bug] zero-no-soa-ttl-cache was not being honoured.
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews2551. [bug] Potential Reference leak on return. [RT #19341]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2549. [port] linux: define NR_OPEN if not currently defined.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2548. [bug] Install iterated_hash.h. [RT #19335]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2547. [bug] openssl_link.c:mem_realloc() could reference an
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews out-of-range area of the source buffer. New public
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff function isc_mem_reallocate() was introduced to address
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews this bug. [RT #19313]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2546. [func] Add --enable-openssl-hash configure flag to use
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews OpenSSL (in place of internal routine) for hash
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence functions (MD5, SHA[12] and HMAC). [RT #18815]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2545. [doc] ARM: Legal hostname checking (check-names) is
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews for SRV RDATA too. [RT #19304]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2542. [doc] Update the description of dig +adflag. [RT #19290]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2541. [bug] Conditionally update dispatch manager statistics.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2539. [security] Update the interaction between recursion, allow-query,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews allow-query-cache and allow-recursion. [RT #19198]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2538. [bug] cache/ADB memory could grow over max-cache-size,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews especially with threads and smaller max-cache-size
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews values. [RT #19240]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2537. [func] Added more statistics counters including those on socket
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews I/O events and query RTT histograms. [RT #18802]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2536. [cleanup] Silence some warnings when -Werror=format-security is
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews specified. [RT #19083]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2534. [func] Check NAPTR records regular expressions and
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews replacement strings to ensure they are syntactically
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews valid and consistant. [RT #18168]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2533. [doc] ARM: document @ (at-sign). [RT #17144]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2532. [bug] dig: check the question section of the response to
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews see if it matches the asked question. [RT #18495]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2531. [bug] Change #2207 was incomplete. [RT #19098]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2530. [bug] named failed to reject insecure to secure transitions
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews via UPDATE. [RT #19101]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2529. [cleanup] Upgrade libtool to silence complaints from recent
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews version of autoconf. [RT #18657]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2528. [cleanup] Silence spurious configure warning about
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews --datarootdir [RT #19096]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2527. [placeholder]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2526. [func] New named option "attach-cache" that allows multiple
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews views to share a single cache to save memory and
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews improve lookup efficiency. Based on contributed code
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence from Barclay Osborn, Google. [RT #18905]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2525. [func] New logging category "query-errors" to provide detailed
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews internal information about query failures, especially
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews about server failures. [RT #19027]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2523. [bug] Random type rdata freed by dns_nsec_typepresent().
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2521. [bug] Improve epoll cross compilation support. [RT #19047]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2520. [bug] Update xml statistics version number to 2.0 as change
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence #2388 made the schema incompatible to the previous
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence version. [RT #19080]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2519. [bug] dig/host with -4 or -6 didn't work if more than two
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews nameserver addresses of the excluded address family
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff preceded in resolv.conf. [RT #19081]
df8c9ee4819c97089664ccc035eb2aa7569034fdDavid Lawrence2518. [func] Add support for the new CERT types from RFC 4398.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2517. [bug] dig +trace with -4 or -6 failed when it chose a
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews nameserver address of the excluded address type.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2516. [bug] glue sort for responses was performed even when not
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews needed. [RT #19039]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews a nameserver of the excluded address family.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2513. [bug] Fix windows cli build. [RT #19062]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2512. [func] Print a summary of the cached records which make up
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews the negative response. [RT #18885]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
df8c9ee4819c97089664ccc035eb2aa7569034fdDavid Lawrence2509. [bug] Specifying a fixed query source port was broken.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2508. [placeholder]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2507. [func] Log the recursion quota values when killing the
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence oldest query or refusing to recurse due to quota.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2506. [port] solaris: Check at configure time if
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews hack_shutup_pthreadonceinit is needed. [RT #19037]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2505. [port] Treat amd64 similarly to x86_64 when determining
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence atomic operation support. [RT #19031]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2504. [bug] Address race condition in the socket code. [RT #18899]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2503. [port] linux: improve compatibility with Linux Standard
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews Base. [RT #18793]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2502. [cleanup] isc_radix: Improve compliance with coding style,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews document function in <isc/radix.h>. [RT #18534]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2501. [func] $GENERATE now supports all rdata types. Multi-field
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews rdata types need to be quoted. See the ARM for
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence details. [RT #18368]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence function. [RT #18582]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence --- 9.6.0rc1 released ---
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2498. [bug] Removed a bogus function argument used with
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews ISC_SOCKET_USE_POLLWATCH: it could cause compiler
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews warning or crash named with the debug 1 level
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews of logging. [RT #18917]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2496. [bug] Add sanity length checks to NSID option. [RT #18813]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2495. [bug] Tighten RRSIG checks. [RT #18795]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews installed. [RT #18826]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2493. [bug] The linux capabilities code was not correctly cleaning
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews up after itself. [RT #18767]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2492. [func] Rndc status now reports the number of cpus discovered
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews and the number of worker threads when running
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews multi-threaded. [RT #18273]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2491. [func] Attempt to re-use a local port if we are already using
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence the port. [RT #18548]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews is cleared when IPV6_V6ONLY is set. [RT #18785]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2489. [port] solaris: Workaround Solaris's kernel bug about
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
83ac7ce833930a5c6cb92ad9c04a58e775579e73Bob Halley Define ISC_SOCKET_USE_POLLWATCH at build time to enable
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews this workaround. [RT #18870]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews from keyset and .key files. [RT #18694]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2487. [bug] Give TCP connections longer to complete. [RT #18675]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2486. [func] The default locations for named.pid and lwresd.pid
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews This allows the owner of the containing directory
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews to be set, for "named -u" support, and allows there
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews to be a permanent symbolic link in the path, for
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews "named -t" support. [RT #18306]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2485. [bug] Change update's the handling of obscured RRSIG
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews records. Not all orphaned DS records were being
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews removed. [RT #18828]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2484. [bug] It was possible to trigger a REQUIRE failure when
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews adding NSEC3 proofs to the response in
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews query_addwildcardproof(). [RT #18828]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2483. [port] win32: chroot() is not supported. [RT #18805]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2482. [port] libxml2: support versions 2.7.* in addition
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews to 2.6.*. [RT #18806]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews --- 9.6.0b1 released ---
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews collisions. [RT #18812]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2480. [bug] named could fail to emit all the required NSEC3
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews records. [RT #18812]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2478. [bug] 'addresses' could be used uninitialized in
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews configure_forward(). [RT #18800]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2477. [bug] dig: the global option to print the command line is
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews +cmd not print_cmd. Update the output to reflect
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews this. [RT #17008]
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews2476. [doc] ARM: improve documentation for max-journal-size and
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews ixfr-from-differences. [RT #15909] [RT #18541]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2475. [bug] LRU cache cleanup under overmem condition could purge
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews particular entries more aggressively. [RT #17628]
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2474. [bug] ACL structures could be allocated with insufficient
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence space, causing an array overrun. [RT #18765]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2473. [port] linux: raise the limit on open files to the possible
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence maximum value before spawning threads; 'files'
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews specified in named.conf doesn't seem to work with
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews threads as expected. [RT #18784]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2472. [port] linux: check the number of available cpu's before
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews calling chroot as it depends on "/proc". [RT #16923]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2471. [bug] named-checkzone was not reporting missing mandatory
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence glue when sibling checks were disabled. [RT #18768]
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence2470. [bug] Elements of the isc_radix_node_t could be incorrectly
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews overwritten. [RT# 18719]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2469. [port] solaris: Work around Solaris's select() limitations.
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2468. [bug] Resolver could try unreachable servers multiple times.
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2465. [bug] Adb's handling of lame addresses was different
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews for IPv4 and IPv6. [RT #18738]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2464. [port] linux: check that a capability is present before
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence trying to set it. [RT #18135]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews API and glibc hides parts of the IPv6 Advanced Socket
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews API as a result. This is stupid as it breaks how the
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews two halves (Basic and Advanced) of the IPv6 Socket API
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews were designed to be used but we have to live with it.
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews API. [RT #18388]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2462. [doc] Document -m (enable memory usage debugging)
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews option for dig. [RT #18757]
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence2461. [port] sunos: Change #2363 was not complete. [RT #17513]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews --- 9.6.0a1 released ---
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews2458. [doc] ARM: update and correction for max-cache-size.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2457. [tuning] max-cache-size is reverted to 0, the previous
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley default. It should be safe because expired cache
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley entries are also purged. [RT #18684]
ebd68da027cfa8da0fb536c3db11bb88292f41c7Andreas Gustafsson2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence address, regardless of family. They now correctly
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff distinguish IPv4 from IPv6. [RT #18559]
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2455. [bug] Stop metadata being transferred via axfr/ixfr.
ebd68da027cfa8da0fb536c3db11bb88292f41c7Andreas Gustafsson2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff2453. [bug] Remove NULL pointer dereference in dns_journal_print().
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff2452. [func] Improve bin/test/journalprint. [RT #18316]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2451. [port] solaris: handle runtime linking better. [RT #18356]
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence2450. [doc] Fix lwresd docbook problem for manual page.
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2449. [placeholder]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2448. [func] Add NSEC3 support. [RT #15452]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2447. [cleanup] libbind has been split out as a separate product.
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2446. [func] Add a new log message about build options on startup.
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff A new command-line option '-V' for named is also
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff provided to show this information. [RT# 18645]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2445. [doc] ARM out-of-date on empty reverse zones (list includes
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff RFC1918 address, but these are not yet compiled in).
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff (clear DF) for UDP responses and requests.
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff2443. [bug] win32: UDP connect() would not generate an event,
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff and so connected UDP sockets would never clean up.
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff Fix this by doing an immediate WSAConnect() rather
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff than an io completion port type for UDP.
f8aae502686e2448c48f56697c212a50e2a1cbaeAndreas Gustafsson2442. [bug] A lock could be destroyed twice. [RT# 18626]
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson2441. [bug] isc_radix_insert() could copy radix tree nodes
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence incompletely. [RT #18573]
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2440. [bug] named-checkconf used an incorrect test to determine
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff if an ACL was set to none.
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2438. [bug] Timeouts could be logged incorrectly under win32.
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff2437. [bug] Sockets could be closed too early, leading to
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff inconsistent states in the socket module. [RT #18298]
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson2435. [bug] Fixed an ACL memory leak affecting win32.
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson2434. [bug] Fixed a minor error-reporting bug in
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson2433. [tuning] Set initial timeout to 800ms.
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson2432. [bug] More Windows socket handling improvements. Stop
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
stub/slave master and journal files. [RT# 17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT#13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which